cdc770.exe

Georgi Georgiev

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application cdc770.exe by Georgi Georgiev has been detected as adware by 16 anti-malware scanners. The file has been seen being downloaded from www.nansq.info and multiple other hosts.
Publisher:
Georgi Georgiev (signed and verified)

MD5:
ef05af860bf3bac5c2f0f29e350180d1

SHA-1:
f643ccd0f599a4c9d6c607e884588a7d026f7c2a

SHA-256:
302561a93cf9d1a4d953b9e3b2b31655a35ddc3ccc36bc411f27c4c51f913803

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
12/28/2024 11:19:48 AM UTC

Scan engine                 Detection                           Engine version
Lavasoft Ad-Aware           Trojan.GenericKD.2083905            750
AVG                         Win32/DH                            2016.0.3228
Bitdefender                 Trojan.GenericKD.2083905            1.0.20.80
Comodo Security             ApplicUnwnt                         20727
Emsisoft Anti-Malware       Trojan.GenericKD.2083905            8.15.01.16.03
ESET NOD32                  Win32/AdWare.Vonteera (variant)     9.11023
Fortinet FortiGate          Riskware/Vonteera                   1/16/2015
F-Secure                    Trojan.GenericKD.2083905            11.2015-16-01_6
G Data                      Trojan.GenericKD.2083905            15.1.24
IKARUS anti.virus           PUA.Vonteera                        t3scan.1.8.6.0
K7 AntiVirus                Adware                              13.191.14661
McAfee                      Artemis!EF05AF860BF3                5600.6884
MicroWorld eScan            Trojan.GenericKD.2083905            16.0.0.48
Norman                      VMProtect.W                         11.20150116
Reason Heuristics           PUP.GeorgiGeorgiev                  15.2.14.11
Trend Micro House Call      Suspicious_GEN.F47V0115             7.2.16

File size:
1.1 MB (1,107,536 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\6v1sttnl\cdc770.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/6/2014 4:00:00 AM

Valid to:
6/6/2016 3:59:59 AM

Subject:
CN=Georgi Georgiev, O=Georgi Georgiev, STREET="4 Petar Stoinov Str., Chelopechene", L=Sofia, S=Sofia, PostalCode=1617, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
50E7161B35AEFC4CA801C951BEF0279A

File PE Metadata
Compilation timestamp:
1/15/2015 10:35:41 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:jY7KU0D2KvyNhXCV4E8BXAfrnkcAqU0AMKyEILbBBQOedeoK/Ef:jY7KD2Kv+hyz8grnkQfhK5IxBEdeojf

Entry address:
0xEF5F

Entry point:
E8, 95, 6D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 00, 1A, 00, 00, 3B, 0D, A0, 44, 43, 00, 75, 02, F3, C3, E9, 11, 6E, 00, 00, 8B, FF, 51, C7, 01, FC, 94, 42, 00, E8, 09, 6F, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, BD, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 47, 6F, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6...
 
[+]

Entropy:
6.8585

Code size:
158.5 KB (162,304 bytes)

The file cdc770.exe has been seen being distributed by the following 6 URLs.

http://www.nansq.info/.../3c8f839db8.exe

http://www.colompia.info/.../a2a7065.exe

http://www.nansq.info/.../e5c4cacfdb.exe

http://www.colompia.info/.../0a1e054.exe

http://www.colompia.info/.../abb144c2.exe
